Unbound on GL-AX1800 with VPN

Technical Support for Routers VPN, DNS, Leaks
1

Hi all,

I’ve got Unbound installed and running on a non-53 port so it doesn’t conflict with dnsmasq. Using DNS Proxy mode, I can utilize the server via the GUI without issue (e.g. setting 127.0.0.1#5353 or 192.168.1.1#5353) as the proxy. Enabling a VPN connection, however, breaks it completely.

I’ve tried allowlisting local IP ranges, adding and tweaking firewall rules, changing the DNS settings in the VPN config file, all to no avail. The other custom DNS settings work just fine, it’s only the proxy mode that seems to not play nice with the VPN.

All ideas and nudges welcome, many thanks!

2

Hi smackaronies:

What is your firmware version?

3

Hi there, I’m on 4.2.3 release5

4

I tested the NETWORK->DNS->Encrypted DNS-> DNS over TLS-> Cloudflare feature, stubby work fine with wireguard VPN, and I think stubby and unbound should be similar.

root@GL-AX1800:/# netstat -npl |grep 5453
tcp        0      0 127.0.0.1:5453          0.0.0.0:*               LISTEN      31192/stubby
tcp        0      0 ::1:5453                :::*                    LISTEN      31192/stubby
udp        0      0 127.0.0.1:5453          0.0.0.0:*                           31192/stubby
udp        0      0 ::1:5453                :::*                                31192/stubby
root@GL-AX1800:/# uci show dhcp.@dnsmasq[0]
dhcp.cfg01411c=dnsmasq
dhcp.cfg01411c.domainneeded='1'
dhcp.cfg01411c.filterwin2k='0'
dhcp.cfg01411c.localise_queries='1'
dhcp.cfg01411c.rebind_localhost='1'
dhcp.cfg01411c.local='/lan/'
dhcp.cfg01411c.domain='lan'
dhcp.cfg01411c.expandhosts='1'
dhcp.cfg01411c.nonegcache='0'
dhcp.cfg01411c.authoritative='1'
dhcp.cfg01411c.readethers='1'
dhcp.cfg01411c.leasefile='/tmp/dhcp.leases'
dhcp.cfg01411c.resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.cfg01411c.nonwildcard='1'
dhcp.cfg01411c.localservice='1'
dhcp.cfg01411c.ednspacket_max='1232'
dhcp.cfg01411c.rebind_protection='0'
dhcp.cfg01411c.localuse='1'
dhcp.cfg01411c.server='127.0.0.1#5453'
dhcp.cfg01411c.noresolv='1'

Can you compare the configuration of dnsmasq?

5

Here’s how they compare, it doesn’t appear that toggling the VPN affects these settings.

DNS over TLS → Cloudflare:

image
image844×514 12.4 KB

6

DNS Proxy → 192.168.8.1#1053

image
image848×515 12 KB

7

pls try to channge unbound’s listen ip and dnsmasq’s server ip to 127.0.0.1

8

As stated this doesn’t seem to affect the issue. Unbound resolves just fine when 127.0.0.1 is specified but times out once the VPN is enabled:

image